Form Based Email
Originally, many of my pages had my email address so people can contact me.
(Some still do ... working on that.)
Unfortunately, the spammers used those to overload my mailbox.
Solution - use form based email to hide the email address.
And the spammers figured out how to use that to send crap -
but no where near as much.
In 1997, various groups began developing methods
(such as
CAPTCHA's)
to protect all types of online data submissions,
including form mail.
This series of pages discusses various aspects of sending email via a form ...
with specific information on doing this with a GoDaddy account
(good service ... but lousy help).
| gdform.asp & .php
| This is GoDaddy's suggested method to implement form mail
|
| CDONTS
| This method works with IIS 6 on Windows XP (before Nov 2011)
|
| CDOSYS
| This method works with IIS 6 & 7 on Windows XP
|
| CAPTCHA's
| These use a graphic with distorted characters to defeat spammers
|
| Request.ServerVariables
| This ASP object can provide the page the user was on when
the form link was clicked
|
|
|
|
Customized Form Based Email
On my old site, every page had an
email link for feedback
that was customized so that I could determine what page
the user was looking at.
(Perhaps that's why I get so much spam.)
a href="mailto:MyAccount@somewhere.org?subject=Name of Section - some_page.html"
|
When I replaced the email links with form mail, I kept the same
capability via links like
a href="/Feedback_Form.html?subject=Name of Section - some_page.html"
|
Code in the form extracts the string after the equals sign and uses it
in the email subject line.
Unfortunately, that action requires javascript to be turned on in
the user's browser (it would be better to call a server-side script),
but it hasn't caused a problem (that I know of) ... yet.
<![CDATA[
<script language="JavaScript">
<!--
// how to parse the url, from
// http://www.codeave.com/JavaScript/code.asp?u_log=7046
var is_input = location.href.indexOf('subject=');
if (is_input != -1)
{
Subject_str = location.href.substring(is_input+8, location.href.length);
}
document.write('<input type="hidden" name="subject" value="[Site_ID] ' + Subject_str+ '">');
document.write('<input type="hidden" name="a_url" value="' + location.href + '">');
//-->
</script>
<noscript>
<input type="hidden" name="subject" value="[Site_ID] no JavaScript" />
</noscript>
]]>
|
These 2 hidden fields are used to provide data
identifying the form the user was viewing.
- subject - Shows as the subject of the email
- a_url - Place the entire clicked url in the email body
In practice, I use several forms with different values for Site_ID.
Referring Page
When a user clicks a link, the address of the page with the link
is available via document.referrer
document.write('<p> HTTP_REFERER = ' + document.referrer);
|
Note that this is blank if the user types the url
(or uses favorites)
instead of clicking it.
Security Warning
Never, ever, for any reason, place any email address in a form if that
address will be used by some program as the email destination
... even in a hidden field.
If you do, then your server program can be hijacked to send spam to
thousands.
In ALL cases, be sure that the TO email address is configured
on the server in such a way that no hacker can modify it.
That being said, I sometimes use a single server-side script to
send email to different addresses.
This is handled by setting a value that is used to select
the actual address from a list on the server.
Normally, this value is hidden, but you could also provide a pick list,
comboBox, or other method for user selection.
Note - the email address are never included in the form.
Other Considerations
My primary interest in form based email was to reduce spam.
However, there are other uses
-
For instance, if every page of your site has an email address,
and for some reason the address changes (it happened to me),
then it is better to change that address on only one or two pages
instead of on hundreds.
Another consideration is organizations where several people
might want email. In this case, you will want to address the email
to some group address, and then add and removes users from the group
as appropriate.
Author:
Robert Clemenzi